Threat: With the DomainTools Iris integration, threat analysts can easily see if a domain or an IP is of potential risk to their organization and adjust their internal threat scores appropriately.
Threat Hunting: Threat hunters utilize the DomainTools Iris integration to gain quick insights into the information they are looking into to see if there is a potential threat to their organization. They can even pivot back into Iris for further analysis on an asn, domains, host, or registrant emails.
In order to use the Polarity - DomainTools IRIS integration configuration of the integration is required.
API Username - API username is the username that DomainTools associates with the API account. This is a separate username than what is used to log in to the account. To obtain the API username, navigate to the API Admin under the account dropdown.
API Key - An API key is associated with the API username. To obtain the API username, navigate to the API Admin under the account dropdown.
Minimum Iris Risk Score - This option enables the integration to only return results on indicators that are above this threshold. Please note that if you aren’t seeing results, check this option in your configuration and lower the score threshold.
Maximum Iris Pivots - Pivots in DomainTools Iris platform are the number of associated events that the data point has. This option enables a link out to Iris investigate platform for further analysis if the number of pivots is below the threshold.
Ignore List or Ignore Regex - DomainTools Iris Integration enables the ability to set a regex to match domains or IPs to be ignored or add in a comma-separated list, so the integration will never look them up in DomainTools Iris. This is typically used for sensitive information or company domains.